Cyber Monday email fraud: UPS “package not delivered”

Cyber Monday sales can mean big savings for shoppers and massive profits for scammers. One campaign Cloudmark has been tracking as we ramp up to the holiday shopping season is the UPS “Package Not Delivered” scam, designed to prey on online shoppers who are worried about the timely delivery of their purchases. The emails look and feel as if they come from legitimate shipping outlets such as UPS, but in fact they either carry virus-infected zip files as attachments or direct recipients to infected sites through clickable links embedded in the HTML content.

 Screenshot of UPS email fraud

We’ve seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic “UPS Customer Services”.

The from address is faked so that it appears to come from the domain  Many of the images are copied from legitimate UPS emails and many of the links go to the legitimate UPS site.   However, clicking on the call-to-action link that says “Track your shipment now” will take the unsuspecting consumer to a website that can infect the computer with a virus.
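
A check for the pattern described above, as an added example that is not from the original post and is not Cloudmark's fingerprinting system: it lists links in an HTML message whose host is outside the brand domain, even when the From header claims that domain. The brand domain is a parameter; `ups.com`, `tracking.example.net` and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def on_domain(host, brand):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def off_brand_links(raw_message, brand_domain):
    """Return (from_claims_brand, [(link text, host), ...]) for off-brand links."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    claims_brand = on_domain(sender.rpartition("@")[2], brand_domain)
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    urls = [(text, urlsplit(href)) for href, text in parser.links]
    flagged = [(t, u.hostname) for t, u in urls
               if u.scheme in ("http", "https") and not on_domain(u.hostname, brand_domain)]
    return claims_brand, flagged

# Constructed sample; ups.com (brand) and tracking.example.net are assumptions.
SAMPLE = """\
From: UPS Customer Services <customer.services@ups.com>
Subject: Package not delivered
Content-Type: text/html; charset=utf-8

<a href="https://www.ups.com/">UPS</a> <a href="https://www.ups.com/help">Help</a>
<a href="http://tracking.example.net/track">Track your shipment now</a>
"""
```

On the sample, the From header passes the brand check while the call-to-action link is the only one flagged, which is why the header alone cannot be trusted and each link has to be judged by its own host.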

Initial reports indicate that spammers were testing out the campaign and the effectiveness of the spam defenses. Cloudmark observed a lull over the weekend, which was followed by a huge blast with rapidly evolving mutations in content. Cloudmark’s flexible fingerprinting system was able to stop the attack within 12 minutes.

Timeline of the UPS email fraud

With Cyber Monday kicking off the online holiday shopping frenzy, online shoppers should remember to be vigilant about any email message that they receive. No matter how eager they are for their shiny new purchases to arrive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made.

In addition, rather than clicking on embedded links in an email, they should go directly to the shipping site and plug in the tracking number.

4 thoughts on “Cyber Monday email fraud: UPS “package not delivered””

  1. I've been getting at least one of these a day now. The return address is no good and UPS will not answer my emails about it, nor, it seems, are they trying to do anything about it.

  2. I encountered one of those cases a few days back. I am amazed that these e-mails tend to appear so legitimate and real that any literate person can get fooled. Fortunately I was lucky enough that I didn’t get into that trap.
